Guides
Guides
Start typing to search…

Getting Started with Alvys

This page will help you get started with Alvys. You'll be up and running in a jiffy!

🚀

What's New?

As of June 2025, Alvys has updated how we issue access tokens, bringing improved security and a more fine-grained permission model. The core OAuth 2.0 flow remains the same, but the token request endpoint has changed. The legacy /authentication/{tenant_id}/token-based method will be deprecated soon.


Create Client Application

To begin, create a new application from the Alvys Admin page. This will allow you to generate a client_id and client_secret.

  • client_id: The unique identifier assigned to this application or caller.
  • client_secret: A confidential token also provided by Alvys upon application registration.

Getting an Access Token

Once you’ve created your credentials, you’ll use them to retrieve a bearer token. This token is then passed in the Authorization header of every API request.

✅ Prerequisites

Before requesting an access token, ensure you have the following:

  • Client ID and Client Secret (from the Admin Portal)
  • The API Audience: https://api.alvys.com/public/
  • The correct grant_type: client_credentials

Token URL (Current)

https://auth.alvys.com/oauth/token

Request Body

{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "audience": "https://api.alvys.com/public/",
  "grant_type": "client_credentials"
}

For detailed information, please visit our Authentication page.

🛑 Legacy Authentication (To be Deprecated Soon)

If you’re using the legacy token endpoint:

https://integrations.alvys.com/api/authentication/{TENANT_ID}/token

This method will be deprecated soon. Legacy credentials do not include scoped access and may behave differently. All clients should migrate to the new authorization flow to avoid disruptions.

Need help? Visit the Authentication Guide or contact [email protected].

Authenticating

Authenticating in Alvys is to confirm your account identity. The Client ID and the Client Secret are important credentials to authorize your application when making requests. These act as the security values to ensure your application and your account are linked together and the connection is protected.

To retrieve these credentials, you need to create a new application under the API settings section in your Account Settings:

  1. Navigate to API Access.
  2. Select Create New Application (Generate New Credentials).
  3. Enter the Name and Description for your new application credentials.
  4. Locate the Client ID and Client Secret in your new application.

These credentials are used for generating a Bearer (access) Token, which is used to authenticate requests against the Alvys API.


Getting Access Token

To retrieve your access token, set up your authorization request. This example uses Postman configurations to get a new access token. Follow the steps below to configure your new token request.

Set up Callback URL.

  1. Add Access Token URL: 
    https://integrations.alvys.com/api/p/authentication/`{tenant_id}`/token
  2. Add the Client ID.
  3. Add the Client Secret.
  4. Select "Get New Access Token."

Prerequisites

Ensure you have the following information before attempting to use the API:

  • Client ID
  • Client Secret
  • Tenant ID (Tenant Code)

These credentials can be found in the Alvys Developer Portal or by reaching out to your account representative for more information.

To collect your access token, proceed through the OAuth 2.0 authorization prompts from the callback URL. Additional information is available in the Authentication section.


Postman Public API Collection

We are also sharing a Postman Public API Collection for testing purposes. This collection allows you to interact with the Alvys API easily. However, please remember to replace the token generation data with your own credentials to ensure proper authentication.

To fork the collection, click the embedded Run in Postman button below (wait a few sec.), and on the fork collection page, click the button to add the collection to your Postman account.

Run In Postman

You can use Run in Postman button to quickly import our Public API collection into your Postman workspace. Be sure to replace any placeholder values (like REPLACE_WITH_CLIENT_ID, REPLACE_WITH_CLIENT_SECRET, and REPLACE_WITH_TENANT_ID) with your own credentials before making requests!

Updated 3 days ago